rubinius-net-ldap 0.11

data/test/test_filter.rb

@@ -0,0 +1,223 @@
+require File.expand_path('../test_helper', __FILE__)
+
+class TestFilter < Test::Unit::TestCase
+  Filter = Net::LDAP::Filter
+
+  def test_bug_7534_rfc2254
+    assert_equal("(cn=Tim Wizard)",
+                 Filter.from_rfc2254("(cn=Tim Wizard)").to_rfc2254)
+  end
+
+  def test_invalid_filter_string
+    assert_raises(Net::LDAP::FilterSyntaxInvalidError) { Filter.from_rfc2254("") }
+  end
+
+  def test_invalid_filter
+    assert_raises(Net::LDAP::OperatorError) {
+      # This test exists to prove that our constructor blocks unknown filter
+      # types. All filters must be constructed using helpers.
+      Filter.__send__(:new, :xx, nil, nil)
+    }
+  end
+
+  def test_to_s
+    assert_equal("(uid=george *)", Filter.eq("uid", "george *").to_s)
+  end
+
+  def test_convenience_filters
+    assert_equal("(uid=\\2A)", Filter.equals("uid", "*").to_s)
+    assert_equal("(uid=\\28*)", Filter.begins("uid", "(").to_s)
+    assert_equal("(uid=*\\29)", Filter.ends("uid", ")").to_s)
+    assert_equal("(uid=*\\5C*)", Filter.contains("uid", "\\").to_s)
+  end
+
+  def test_c2
+    assert_equal("(uid=george *)",
+                 Filter.from_rfc2254("uid=george *").to_rfc2254)
+    assert_equal("(uid:=george *)",
+                 Filter.from_rfc2254("uid:=george *").to_rfc2254)
+    assert_equal("(uid=george*)",
+                 Filter.from_rfc2254(" ( uid =  george*   ) ").to_rfc2254)
+    assert_equal("(!(uid=george*))",
+                 Filter.from_rfc2254("uid!=george*").to_rfc2254)
+    assert_equal("(uid<=george*)",
+                 Filter.from_rfc2254("uid <= george*").to_rfc2254)
+    assert_equal("(uid>=george*)",
+                 Filter.from_rfc2254("uid>=george*").to_rfc2254)
+    assert_equal("(&(uid=george*)(mail=*))",
+                 Filter.from_rfc2254("(& (uid=george* ) (mail=*))").to_rfc2254)
+    assert_equal("(|(uid=george*)(mail=*))",
+                 Filter.from_rfc2254("(| (uid=george* ) (mail=*))").to_rfc2254)
+    assert_equal("(!(mail=*))",
+                 Filter.from_rfc2254("(! (mail=*))").to_rfc2254)
+  end
+
+  def test_filter_with_single_clause
+    assert_equal("(cn=name)", Net::LDAP::Filter.construct("(&(cn=name))").to_s)
+  end
+
+  def test_filters_from_ber
+    [
+      Net::LDAP::Filter.eq("objectclass", "*"),
+      Net::LDAP::Filter.pres("objectclass"),
+      Net::LDAP::Filter.eq("objectclass", "ou"),
+      Net::LDAP::Filter.ge("uid", "500"),
+      Net::LDAP::Filter.le("uid", "500"),
+      (~ Net::LDAP::Filter.pres("objectclass")),
+      (Net::LDAP::Filter.pres("objectclass") & Net::LDAP::Filter.pres("ou")),
+      (Net::LDAP::Filter.pres("objectclass") & Net::LDAP::Filter.pres("ou") & Net::LDAP::Filter.pres("sn")),
+      (Net::LDAP::Filter.pres("objectclass") | Net::LDAP::Filter.pres("ou") | Net::LDAP::Filter.pres("sn")),
+
+      Net::LDAP::Filter.eq("objectclass", "*aaa"),
+      Net::LDAP::Filter.eq("objectclass", "*aaa*bbb"),
+      Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*ccc"),
+      Net::LDAP::Filter.eq("objectclass", "aaa*bbb"),
+      Net::LDAP::Filter.eq("objectclass", "aaa*bbb*ccc"),
+      Net::LDAP::Filter.eq("objectclass", "abc*def*1111*22*g"),
+      Net::LDAP::Filter.eq("objectclass", "*aaa*"),
+      Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*"),
+      Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*ccc*"),
+      Net::LDAP::Filter.eq("objectclass", "aaa*"),
+      Net::LDAP::Filter.eq("objectclass", "aaa*bbb*"),
+      Net::LDAP::Filter.eq("objectclass", "aaa*bbb*ccc*"),
+    ].each do |ber|
+      f = Net::LDAP::Filter.parse_ber(ber.to_ber.read_ber(Net::LDAP::AsnSyntax))
+      assert(f == ber)
+      assert_equal(f.to_ber, ber.to_ber)
+    end
+  end
+
+  def test_ber_from_rfc2254_filter
+    [
+      Net::LDAP::Filter.construct("objectclass=*"),
+      Net::LDAP::Filter.construct("objectclass=ou"),
+      Net::LDAP::Filter.construct("uid >= 500"),
+      Net::LDAP::Filter.construct("uid <= 500"),
+      Net::LDAP::Filter.construct("(!(uid=*))"),
+      Net::LDAP::Filter.construct("(&(uid=*)(objectclass=*))"),
+      Net::LDAP::Filter.construct("(&(uid=*)(objectclass=*)(sn=*))"),
+      Net::LDAP::Filter.construct("(|(uid=*)(objectclass=*))"),
+      Net::LDAP::Filter.construct("(|(uid=*)(objectclass=*)(sn=*))"),
+
+      Net::LDAP::Filter.construct("objectclass=*aaa"),
+      Net::LDAP::Filter.construct("objectclass=*aaa*bbb"),
+      Net::LDAP::Filter.construct("objectclass=*aaa bbb"),
+      Net::LDAP::Filter.construct("objectclass=*aaa  bbb"),
+      Net::LDAP::Filter.construct("objectclass=*aaa*bbb*ccc"),
+      Net::LDAP::Filter.construct("objectclass=aaa*bbb"),
+      Net::LDAP::Filter.construct("objectclass=aaa*bbb*ccc"),
+      Net::LDAP::Filter.construct("objectclass=abc*def*1111*22*g"),
+      Net::LDAP::Filter.construct("objectclass=*aaa*"),
+      Net::LDAP::Filter.construct("objectclass=*aaa*bbb*"),
+      Net::LDAP::Filter.construct("objectclass=*aaa*bbb*ccc*"),
+      Net::LDAP::Filter.construct("objectclass=aaa*"),
+      Net::LDAP::Filter.construct("objectclass=aaa*bbb*"),
+      Net::LDAP::Filter.construct("objectclass=aaa*bbb*ccc*"),
+    ].each do |ber|
+      f = Net::LDAP::Filter.parse_ber(ber.to_ber.read_ber(Net::LDAP::AsnSyntax))
+      assert(f == ber)
+      assert_equal(f.to_ber, ber.to_ber)
+    end
+  end
+end
+
+# tests ported over from rspec. Not sure if these overlap with the above
+# https://github.com/ruby-ldap/ruby-net-ldap/pull/121
+class TestFilterRSpec < Test::Unit::TestCase
+  def test_ex_convert
+    assert_equal '(foo:=bar)', Net::LDAP::Filter.ex('foo', 'bar').to_s
+  end
+
+  def test_ex_rfc2254_roundtrip
+    filter = Net::LDAP::Filter.ex('foo', 'bar')
+    assert_equal filter, Net::LDAP::Filter.from_rfc2254(filter.to_s)
+  end
+
+  def test_ber_conversion
+    filter = Net::LDAP::Filter.ex('foo', 'bar')
+    ber = filter.to_ber
+    assert_equal filter, Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+  end
+
+  [
+    '(o:dn:=Ace Industry)',
+    '(:dn:2.4.8.10:=Dino)',
+    '(cn:dn:1.2.3.4.5:=John Smith)',
+    '(sn:dn:2.4.6.8.10:=Barbara Jones)',
+    '(&(sn:dn:2.4.6.8.10:=Barbara Jones))'
+  ].each_with_index do |filter_str, index|
+    define_method "test_decode_filter_#{index}" do
+      filter = Net::LDAP::Filter.from_rfc2254(filter_str)
+      assert_kind_of Net::LDAP::Filter, filter
+    end
+
+    define_method "test_ber_conversion_#{index}" do
+      filter = Net::LDAP::Filter.from_rfc2254(filter_str)
+      ber = Net::LDAP::Filter.from_rfc2254(filter_str).to_ber
+      assert_equal filter, Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+    end
+  end
+
+  def test_apostrophes
+    assert_equal "(uid=O'Keefe)", Net::LDAP::Filter.construct("uid=O'Keefe").to_rfc2254
+  end
+
+  def test_equals
+    assert_equal Net::LDAP::Filter.eq('dn', 'f\2Aoo'), Net::LDAP::Filter.equals('dn', 'f*oo')
+  end
+
+  def test_begins
+    assert_equal Net::LDAP::Filter.eq('dn', 'f\2Aoo*'), Net::LDAP::Filter.begins('dn', 'f*oo')
+  end
+
+  def test_ends
+    assert_equal Net::LDAP::Filter.eq('dn', '*f\2Aoo'), Net::LDAP::Filter.ends('dn', 'f*oo')
+  end
+
+  def test_contains
+    assert_equal Net::LDAP::Filter.eq('dn', '*f\2Aoo*'), Net::LDAP::Filter.contains('dn', 'f*oo')
+  end
+
+  def test_escape
+    # escapes nul, *, (, ) and \\
+    assert_equal "\\00\\2A\\28\\29\\5C", Net::LDAP::Filter.escape("\0*()\\")
+  end
+
+  def test_well_known_ber_string
+    ber = "\xa4\x2d" \
+      "\x04\x0b" "objectclass" \
+      "\x30\x1e" \
+      "\x80\x08" "foo" "*\\" "bar" \
+      "\x81\x08" "foo" "*\\" "bar" \
+      "\x82\x08" "foo" "*\\" "bar".b
+
+    [
+      "foo" "\\2A\\5C" "bar",
+      "foo" "\\2a\\5c" "bar",
+      "foo" "\\2A\\5c" "bar",
+      "foo" "\\2a\\5C" "bar"
+    ].each do |escaped|
+      # unescapes escaped characters
+      filter = Net::LDAP::Filter.eq("objectclass", "#{escaped}*#{escaped}*#{escaped}")
+      assert_equal ber, filter.to_ber
+    end
+  end
+
+  def test_parse_ber_escapes_characters
+    ber = "\xa4\x2d" \
+      "\x04\x0b" "objectclass" \
+      "\x30\x1e" \
+      "\x80\x08" "foo" "*\\" "bar" \
+      "\x81\x08" "foo" "*\\" "bar" \
+      "\x82\x08" "foo" "*\\" "bar".b
+
+    escaped = Net::LDAP::Filter.escape("foo" "*\\" "bar")
+    filter = Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+    assert_equal "(objectclass=#{escaped}*#{escaped}*#{escaped})", filter.to_s
+  end
+
+  def test_unescape_fixnums
+    filter = Net::LDAP::Filter.eq("objectclass", 3)
+    assert_equal "\xA3\x10\x04\vobjectclass\x04\x013".b, filter.to_ber
+  end
+end

data/test/test_filter_parser.rb

@@ -0,0 +1,20 @@
+# encoding: utf-8
+require File.expand_path('../test_helper', __FILE__)
+
+class TestFilterParser < Test::Unit::TestCase
+  def test_ascii
+    assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(cn=name)")
+  end
+
+  def test_multibyte_characters
+    assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(cn=名前)")
+  end
+
+  def test_brackets
+    assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(cn=[{something}])")
+  end
+
+  def test_colons
+    assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(ismemberof=cn=edu:berkeley:app:calmessages:deans,ou=campus groups,dc=berkeley,dc=edu)")
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,66 @@
+# Add 'lib' to load path.
+require 'test/unit'
+require 'net/ldap'
+require 'flexmock/test_unit'
+
+# Whether integration tests should be run.
+INTEGRATION = ENV.fetch("INTEGRATION", "skip") != "skip"
+
+# The CA file to verify certs against for tests.
+# Override with CA_FILE env variable; otherwise checks for the VM-specific path
+# and falls back to the test/fixtures/cacert.pem for local testing.
+CA_FILE =
+  ENV.fetch("CA_FILE") do
+    if File.exist?("/etc/ssl/certs/cacert.pem")
+      "/etc/ssl/certs/cacert.pem"
+    else
+      File.expand_path("fixtures/cacert.pem", File.dirname(__FILE__))
+    end
+  end
+
+if RUBY_VERSION < "2.0"
+  class String
+    def b
+      self
+    end
+  end
+end
+
+class MockInstrumentationService
+  def initialize
+    @events = {}
+  end
+
+  def instrument(event, payload)
+    result = yield(payload)
+    @events[event] ||= []
+    @events[event] << [payload, result]
+    result
+  end
+
+  def subscribe(event)
+    @events[event] ||= []
+    @events[event]
+  end
+end
+
+class LDAPIntegrationTestCase < Test::Unit::TestCase
+  # If integration tests aren't enabled, noop these tests.
+  if !INTEGRATION
+    def run(*)
+      self
+    end
+  end
+
+  def setup
+    @service = MockInstrumentationService.new
+    @ldap = Net::LDAP.new \
+      :host                     => ENV.fetch('INTEGRATION_HOST', 'localhost'),
+      :port                     => 389,
+      :admin_user               => 'uid=admin,dc=rubyldap,dc=com',
+      :admin_password           => 'passworD1',
+      :search_domains           => %w(dc=rubyldap,dc=com),
+      :uid                      => 'uid',
+      :instrumentation_service  => @service
+  end
+end

data/test/test_ldap.rb

@@ -0,0 +1,60 @@
+require 'test_helper'
+
+class TestLDAPInstrumentation < Test::Unit::TestCase
+  def setup
+    @connection = flexmock(:connection, :close => true)
+    flexmock(Net::LDAP::Connection).should_receive(:new).and_return(@connection)
+
+    @service = MockInstrumentationService.new
+    @subject = Net::LDAP.new \
+      :host => "test.mocked.com", :port => 636,
+      :force_no_page => true, # so server capabilities are not queried
+      :instrumentation_service => @service
+  end
+
+  def test_instrument_bind
+    events = @service.subscribe "bind.net_ldap"
+
+    bind_result = flexmock(:bind_result, :success? => true)
+    flexmock(@connection).should_receive(:bind).with(Hash).and_return(bind_result)
+
+    assert @subject.bind
+
+    payload, result = events.pop
+    assert result
+    assert_equal bind_result, payload[:bind]
+  end
+
+  def test_instrument_search
+    events = @service.subscribe "search.net_ldap"
+
+    flexmock(@connection).should_receive(:bind).and_return(flexmock(:bind_result, :result_code => Net::LDAP::ResultCodeSuccess))
+    flexmock(@connection).should_receive(:search).with(Hash, Proc).
+                yields(entry = Net::LDAP::Entry.new("uid=user1,ou=users,dc=example,dc=com")).
+                and_return(flexmock(:search_result, :success? => true, :result_code => Net::LDAP::ResultCodeSuccess))
+
+    assert_not_nil @subject.search(:filter => "(uid=user1)")
+
+    payload, result = events.pop
+    assert_equal [entry], result
+    assert_equal [entry], payload[:result]
+    assert_equal "(uid=user1)", payload[:filter]
+  end
+
+  def test_instrument_search_with_size
+    events = @service.subscribe "search.net_ldap"
+
+    flexmock(@connection).should_receive(:bind).and_return(flexmock(:bind_result, :result_code => Net::LDAP::ResultCodeSuccess))
+    flexmock(@connection).should_receive(:search).with(Hash, Proc).
+                yields(entry = Net::LDAP::Entry.new("uid=user1,ou=users,dc=example,dc=com")).
+                and_return(flexmock(:search_result, :success? => true, :result_code => Net::LDAP::ResultCodeSizeLimitExceeded))
+
+    assert_not_nil @subject.search(:filter => "(uid=user1)", :size => 1)
+
+    payload, result = events.pop
+    assert_equal [entry], result
+    assert_equal [entry], payload[:result]
+    assert_equal "(uid=user1)", payload[:filter]
+    assert_equal result.size, payload[:size]
+  end
+end

data/test/test_ldap_connection.rb

@@ -0,0 +1,404 @@
+require File.expand_path('../test_helper', __FILE__)
+
+class TestLDAPConnection < Test::Unit::TestCase
+  def test_unresponsive_host
+    assert_raise Net::LDAP::Error do
+      Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+    end
+  end
+
+  def test_blocked_port
+    flexmock(TCPSocket).should_receive(:new).and_raise(SocketError)
+    assert_raise Net::LDAP::Error do
+      Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+    end
+  end
+
+  def test_raises_unknown_exceptions
+    error = Class.new(StandardError)
+    flexmock(TCPSocket).should_receive(:new).and_raise(error)
+    assert_raise error do
+      Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+    end
+  end
+
+  def test_modify_ops_delete
+    args = { :operations => [ [ :delete, "mail" ] ] }
+    result = Net::LDAP::Connection.modify_ops(args[:operations])
+    expected = [ "0\r\n\x01\x010\b\x04\x04mail1\x00" ]
+    assert_equal(expected, result)
+  end
+
+  def test_modify_ops_add
+    args = { :operations => [ [ :add, "mail", "testuser@example.com" ] ] }
+    result = Net::LDAP::Connection.modify_ops(args[:operations])
+    expected = [ "0#\n\x01\x000\x1E\x04\x04mail1\x16\x04\x14testuser@example.com" ]
+    assert_equal(expected, result)
+  end
+
+  def test_modify_ops_replace
+    args = { :operations =>[ [ :replace, "mail", "testuser@example.com" ] ] }
+    result = Net::LDAP::Connection.modify_ops(args[:operations])
+    expected = [ "0#\n\x01\x020\x1E\x04\x04mail1\x16\x04\x14testuser@example.com" ]
+    assert_equal(expected, result)
+  end
+
+  def test_write
+    mock = flexmock("socket")
+    mock.should_receive(:write).with([1.to_ber, "request"].to_ber_sequence).and_return(true)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    conn.send(:write, "request")
+  end
+
+  def test_write_with_controls
+    mock = flexmock("socket")
+    mock.should_receive(:write).with([1.to_ber, "request", "controls"].to_ber_sequence).and_return(true)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    conn.send(:write, "request", "controls")
+  end
+
+  def test_write_increments_msgid
+    mock = flexmock("socket")
+    mock.should_receive(:write).with([1.to_ber, "request1"].to_ber_sequence).and_return(true)
+    mock.should_receive(:write).with([2.to_ber, "request2"].to_ber_sequence).and_return(true)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    conn.send(:write, "request1")
+    conn.send(:write, "request2")
+  end
+end
+
+class TestLDAPConnectionSocketReads < Test::Unit::TestCase
+  def make_message(message_id, options = {})
+    options = {
+      :app_tag => Net::LDAP::PDU::SearchResult,
+      :code => Net::LDAP::ResultCodeSuccess,
+      :matched_dn => "",
+      :error_message => ""
+    }.merge(options)
+    result = Net::BER::BerIdentifiedArray.new([options[:code], options[:matched_dn], options[:error_message]])
+    result.ber_identifier = options[:app_tag]
+    [message_id, result]
+  end
+
+  def test_queued_read_drains_queue_before_read
+    result1a = make_message(1, :error_message => "one")
+    result1b = make_message(1, :error_message => "two")
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).and_return(result1b)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.message_queue[1].push Net::LDAP::PDU.new(result1a)
+
+    assert msg1 = conn.queued_read(1)
+    assert msg2 = conn.queued_read(1)
+
+    assert_equal 1, msg1.message_id
+    assert_equal "one", msg1.error_message
+    assert_equal 1, msg2.message_id
+    assert_equal "two", msg2.error_message
+  end
+
+  def test_queued_read_reads_until_message_id_match
+    result1 = make_message(1)
+    result2 = make_message(2)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    assert result = conn.queued_read(2)
+    assert_equal 2, result.message_id
+    assert_equal 1, conn.queued_read(1).message_id
+  end
+
+  def test_queued_read_modify
+    result1 = make_message(1, :app_tag => Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, :app_tag => Net::LDAP::PDU::ModifyResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    conn.instance_variable_get("@msgid")
+
+    assert result = conn.modify(:dn => "uid=modified-user1,ou=People,dc=rubyldap,dc=com",
+                                :operations => [[:add, :mail, "modified-user1@example.com"]])
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_add
+    result1 = make_message(1, :app_tag => Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, :app_tag => Net::LDAP::PDU::AddResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.add(:dn => "uid=added-user1,ou=People,dc=rubyldap,dc=com")
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_rename
+    result1 = make_message(1, :app_tag => Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, :app_tag => Net::LDAP::PDU::ModifyRDNResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.rename(
+      :olddn =>  "uid=renamable-user1,ou=People,dc=rubyldap,dc=com",
+      :newrdn => "uid=renamed-user1"
+    )
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_delete
+    result1 = make_message(1, :app_tag => Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, :app_tag => Net::LDAP::PDU::DeleteResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.delete(:dn => "uid=deletable-user1,ou=People,dc=rubyldap,dc=com")
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_setup_encryption_with_start_tls
+    result1 = make_message(1, :app_tag => Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, :app_tag => Net::LDAP::PDU::ExtendedResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock, {}).
+      and_return(mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.setup_encryption(:method => :start_tls)
+    assert_equal mock, result
+  end
+
+  def test_queued_read_bind_simple
+    result1 = make_message(1, :app_tag => Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, :app_tag => Net::LDAP::PDU::BindResult)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.bind(
+      :method => :simple,
+      :username => "uid=user1,ou=People,dc=rubyldap,dc=com",
+      :password => "passworD1")
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_bind_sasl
+    result1 = make_message(1, :app_tag => Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, :app_tag => Net::LDAP::PDU::BindResult)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.bind(
+      :method => :sasl,
+      :mechanism => "fake",
+      :initial_credential => "passworD1",
+      :challenge_response => flexmock("challenge proc"))
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+end
+
+class TestLDAPConnectionErrors < Test::Unit::TestCase
+  def setup
+    @tcp_socket = flexmock(:connection)
+    @tcp_socket.should_receive(:write)
+    flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket)
+    @connection = Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+  end
+
+  def test_error_failed_operation
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeUnwillingToPerform, "", "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1"])
+    ber.ber_identifier = Net::LDAP::PDU::ModifyResponse
+    @tcp_socket.should_receive(:read_ber).and_return([1, ber])
+
+    result = @connection.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+    assert result.failure?, "should be failure"
+    assert_equal "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1", result.error_message
+  end
+
+  def test_no_error_on_success
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::ModifyResponse
+    @tcp_socket.should_receive(:read_ber).and_return([1, ber])
+
+    result = @connection.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+    assert result.success?, "should be success"
+    assert_equal "", result.error_message
+  end
+end
+
+class TestLDAPConnectionInstrumentation < Test::Unit::TestCase
+  def setup
+    @tcp_socket = flexmock(:connection)
+    @tcp_socket.should_receive(:write)
+    flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket)
+
+    @service = MockInstrumentationService.new
+    @connection = Net::LDAP::Connection.new \
+      :host => 'test.mocked.com',
+      :port => 636,
+      :instrumentation_service => @service
+  end
+
+  def test_write_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    read_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(read_result)
+
+    events = @service.subscribe "write.net_ldap_connection"
+
+    result = @connection.bind(:method => :anon)
+    assert result.success?, "should be success"
+
+    # a write event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert payload.has_key?(:content_length)
+  end
+
+  def test_read_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    read_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(read_result)
+
+    events = @service.subscribe "read.net_ldap_connection"
+
+    result = @connection.bind(:method => :anon)
+    assert result.success?, "should be success"
+
+    # a read event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert_equal read_result, result
+  end
+
+  def test_parse_pdu_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    read_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(read_result)
+
+    events = @service.subscribe "parse_pdu.net_ldap_connection"
+
+    result = @connection.bind(:method => :anon)
+    assert result.success?, "should be success"
+
+    # a parse_pdu event
+    payload, result = events.pop
+    assert payload.has_key?(:pdu)
+    assert payload.has_key?(:app_tag)
+    assert payload.has_key?(:message_id)
+    assert_equal Net::LDAP::PDU::BindResult, payload[:app_tag]
+    assert_equal 1, payload[:message_id]
+    pdu = payload[:pdu]
+    assert_equal Net::LDAP::ResultCodeSuccess, pdu.result_code
+  end
+
+  def test_bind_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    bind_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(bind_result)
+
+    events = @service.subscribe "bind.net_ldap_connection"
+
+    result = @connection.bind(:method => :anon)
+    assert result.success?, "should be success"
+
+    # a read event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert result.success?, "should be success"
+  end
+
+  def test_search_net_ldap_connection_event
+    # search data
+    search_data_ber = Net::BER::BerIdentifiedArray.new([1, [
+      "uid=user1,ou=People,dc=rubyldap,dc=com",
+      [ ["uid", ["user1"]] ]
+    ]])
+    search_data_ber.ber_identifier = Net::LDAP::PDU::SearchReturnedData
+    search_data = [1, search_data_ber]
+    # search result (end of results)
+    search_result_ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    search_result_ber.ber_identifier = Net::LDAP::PDU::SearchResult
+    search_result = [1, search_result_ber]
+    @tcp_socket.should_receive(:read_ber).and_return(search_data).
+                                          and_return(search_result)
+
+    events = @service.subscribe "search.net_ldap_connection"
+    unread = @service.subscribe "search_messages_unread.net_ldap_connection"
+
+    result = @connection.search(:filter => "(uid=user1)", :base => "ou=People,dc=rubyldap,dc=com")
+    assert result.success?, "should be success"
+
+    # a search event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert payload.has_key?(:filter)
+    assert_equal "(uid=user1)", payload[:filter].to_s
+    assert result
+
+    # ensure no unread
+    assert unread.empty?, "should not have any leftover unread messages"
+  end
+end